Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Easy and site to site VPN on the same ASA interface

Hello,

Is it possible to configure the ASA5520 to support both easy and site-to-site VPN on the same outside interface!!!!

incase your answer is YES.. how could we do it !!

Regards,

2 REPLIES
New Member

Re: Easy and site to site VPN on the same ASA interface

sorry for causing confusion, i mean vpn client and site to site vpn.

New Member

Re: Easy and site to site VPN on the same ASA interface

Yes its' possible.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

In this sample configuration, Tiger is the remote PIX and Lion is the central PIX. Since the IP address of Tiger is unknown, you must configure Lion to dynamically accept connections from anywhere knowing the wild-card, pre-shared key. Tiger knows what traffic is to be encrypted (because it is specified by the access-list) and where the Lion endpoint is located. Tiger must initiate the connection. Both sides perform NAT and nat 0 in order to bypass NAT for IPsec traffic.

In addition, the remote user in this configuration connects to the central PIX (Lion) using the Cisco VPN Client 4.x. The remote user cannot connect to the remote PIX (Tiger) since both sides have dynamically assigned IP addresses and do not know where to send the request.

154
Views
0
Helpful
2
Replies
CreatePlease login to create content